TechSpot

Possible to Read Encrypted Snoop traces?

Discussion in 'The Alternative OS' started by MattG, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. MattG Newcomer, in training

    Hey Everyone,

    I work for a software company where we support Sun Solaris 2.8 and 2.9.

    A little background on the software first. Mainly, it's a Network Management Suite. However, we have the ability to launch an SSH client against the selected model you have, say a router.

    Now, in this scenario we have 3 machines.
    1 - The Server
    2 - The Device
    3 - The Machine you are connecting from

    I set my fourth machine to snoop box number 3. I proceeded to connect to machine number 1 from machine 3. I connected to number 2 via the Java SSH client. I logged in, did a few things, yada yada, logged out.

    I stopped the trace and opened Ethereal to view it. Now, it is encrypted for the most part. Aside from giving me the user name I logged in with (root), it does not give me the password, which is how it is designed (SSH, that is).

    I am just wondering if there is some other way I should be aware of that could give this password away. Some sort of script kiddie thing, something that can run locally if said machine were hacked, etc.

    The reason I am asking is because I was asked by a customer (I am in support here) if the line was secure from machine 3 to 1, knowing that it launches an SSH session from 1 to 2 and NOT from machine 3 to 2.

    However, it does appear to me that it's secure for the most part.

    Thanks for any help guys.

    -Matt
  2. Nodsu Newcomer, in training

    SSH is line-secure. There are some buggy implementations with rather theoretical man-in-the-middle attack possibilities. If you are all patched up then there should be no problem.

    The biggest problems with SSH are the machines themselves:
    server masquerading - you are tricked to connect to some other machine instead of the one you intended (not many people bother to check the fingerprints).
    compromised server - the SSH daemon on the server machine has some extra "features" like reporting your password to someone.
    compromised client - you have a keylogger or a modified SSH client again recording your password.

    Of course the SSH sessions can be brute-forced but that is hardly something a script kiddie can do if you use decent encryption.
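The "server masquerading" point above comes down to whether the client actually checks the host key fingerprint it is shown. The following is an added example (not from this thread or from TechSpot) of what that check involves: it decodes an OpenSSH-style public key as it appears in a `known_hosts` line, confirms the key type declared on the line matches the type encoded inside the key blob, and computes the same `SHA256:` and `MD5:` fingerprint forms that `ssh-keygen -l` prints so they can be compared against an out-of-band reference. The host name, the ed25519 key bytes and the `known_hosts` line are constructed here for the demonstration and belong to no real server.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(b: bytes) -> bytes:
    """Encode one SSH 'string' field: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def build_ed25519_blob(raw_key: bytes) -> bytes:
    """Build the wire-format public-key blob for ssh-ed25519 (type string + 32-byte key)."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)


def build_known_hosts_line(host: str, raw_key: bytes) -> str:
    """Produce a known_hosts entry of the form '<host> <type> <base64 blob>'."""
    blob_b64 = base64.b64encode(build_ed25519_blob(raw_key)).decode()
    return f"{host} ssh-ed25519 {blob_b64}"


# Constructed sample (hypothetical host, fixed key bytes; not a real server).
SAMPLE_RAW_KEY = bytes(range(32))
KNOWN_HOSTS_LINE = build_known_hosts_line("server1.example.test", SAMPLE_RAW_KEY)
SAMPLE_PUBKEY = KNOWN_HOSTS_LINE.split()[2]


def parse_key_blob(blob: bytes) -> list[bytes]:
    """Split a public-key blob into its SSH 'string' fields, rejecting truncated data."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated string field")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def fingerprint(pubkey_b64: str, algo: str = "sha256") -> str:
    """Fingerprint of the raw blob, formatted like ssh-keygen -l output."""
    blob = base64.b64decode(pubkey_b64, validate=True)
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        # OpenSSH prints unpadded base64 for SHA256 fingerprints.
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":
        hexd = hashlib.md5(blob).hexdigest()
        # Legacy colon-separated hex form.
        return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    raise ValueError(f"unsupported fingerprint algorithm: {algo}")


def verify_known_host(line: str, expected_fp: str) -> bool:
    """True only if the line is well-formed, self-consistent, and matches the expected fingerprint."""
    parts = line.split()
    if len(parts) < 3:
        return False
    _host, keytype, pubkey_b64 = parts[:3]
    try:
        fields = parse_key_blob(base64.b64decode(pubkey_b64, validate=True))
    except (ValueError, struct.error):
        return False
    # The type named on the line must match the type embedded in the blob.
    if not fields or fields[0] != keytype.encode():
        return False
    algo = "md5" if expected_fp.startswith("MD5:") else "sha256"
    # Constant-time comparison, as for any secret-adjacent check.
    return hmac.compare_digest(fingerprint(pubkey_b64, algo), expected_fp)


if __name__ == "__main__":
    print(KNOWN_HOSTS_LINE)
    print(fingerprint(SAMPLE_PUBKEY), fingerprint(SAMPLE_PUBKEY, "md5"))
    print("matches reference:", verify_known_host(KNOWN_HOSTS_LINE, fingerprint(SAMPLE_PUBKEY)))
```

The reference fingerprint is the value obtained from the server administrator over a channel other than the connection being verified; comparing it against what the client displays on first connect is the step that defeats the masquerading case, and the type-consistency check catches a line whose declared algorithm and blob disagree.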
  4. MattG Newcomer, in training

    Thanks man. Exactly what I was looking for.